ModSecurity is a powerful firewall for Apache web servers that's employed to prevent attacks against web apps. It tracks the HTTP traffic to a specific website in real time and prevents any intrusion attempts as soon as it detects them. The firewall relies on a set of rules to do that - for instance, attempting to log in to a script administration area without success a few times triggers one rule, sending a request to execute a certain file which may result in accessing the website triggers another rule, and so on. ModSecurity is one of the best firewalls available and it will preserve even scripts that aren't updated regularly as it can prevent attackers from using known exploits and security holes. Quite comprehensive data about each intrusion attempt is recorded and the logs the firewall keeps are much more specific than the standard logs provided by the Apache server, so you could later examine them and determine whether you need to take additional measures so as to improve the security of your script-driven websites.

ModSecurity in Cloud Hosting

ModSecurity comes standard with all cloud hosting plans that we offer and it shall be switched on automatically for any domain or subdomain which you add/create in your Hepsia hosting Control Panel. The firewall has three different modes, so you'll be able to switch on and deactivate it with just a mouse click or set it to detection mode, so it will maintain a log of all attacks, but it'll not do anything to stop them. The log for any of your sites will include detailed information which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etc. The firewall rules we use are frequently updated and consist of both commercial ones that we get from a third-party security firm and custom ones our system admins add in case that they detect a new kind of attacks. In this way, the websites you host here shall be far more secure without any action expected on your end.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server solutions and if you decide to host your websites with our company, there will not be anything special you will have to do given that the firewall is switched on by default for all domains and subdomains which you add via your hosting Control Panel. If needed, you'll be able to disable ModSecurity for a given site or turn on the so-called detection mode in which case the firewall will still function and record data, but won't do anything to stop potential attacks on your Internet sites. Thorough logs shall be available inside your CP and you shall be able to see which kind of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, etc. We use two kinds of rules on our servers - commercial ones from an organization which operates in the field of web security, and customized ones that our admins occasionally include to respond to newly identified threats on time.

ModSecurity in VPS Servers

Protection is vital to us, so we set up ModSecurity on all VPS servers which are made available with the Hepsia Control Panel as a standard. The firewall could be managed via a dedicated section inside Hepsia and is switched on automatically when you include a new domain or generate a subdomain, so you will not need to do anything manually. You'll also be able to disable it or turn on the so-called detection mode, so it'll maintain a log of potential attacks that you can later study, but will not stop them. The logs in both passive and active modes contain information about the kind of the attack and how it was eliminated, what IP it originated from and other important data that could help you to tighten the security of your websites by updating them or blocking IPs, as an example. Beyond the commercial rules that we get for ModSecurity from a third-party security firm, we also use our own rules since occasionally we identify specific attacks which are not yet present inside the commercial package. This way, we can easily boost the security of your Virtual private server in a timely manner as opposed to awaiting an official update.

ModSecurity in Dedicated Servers

ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain which you create on the server. In the event that a web application does not work correctly, you may either turn off the firewall or set it to function in passive mode. The second means that ModSecurity shall maintain a log of any possible attack which might occur, but will not take any action to stop it. The logs produced in active or passive mode will provide you with additional details about the exact file that was attacked, the nature of the attack and the IP address it came from, and so on. This information will enable you to determine what measures you can take to increase the security of your sites, for instance blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated regularly with a commercial bundle from a third-party security provider we work with, but oftentimes our administrators add their own rules also when they come across a new potential threat.